NISTNIST’s publication focus on minimum standards and best practices for 14 different “Security Requirement Families,” including access, incidence response, and assessments of information systems and security controls. It provides a detailed list of basic and derived security requirements federal contractors need to employ to meet each of the standards.

DoD is the first agency to move toward implementation of the NIST rules, with other agencies sure to follow.

On August 26, 2015, DoD published a rule amending the Defense Federal Acquisition Regulation Supplement (DFARS). Subsequently, on December 30, 2015, DoD provided notice that both large and small contractors would be given more time – until December 31, 2017 – to comply with the rules. Until that time, however, contractors still would be required to document both their cybersecurity shortcomings as well as their progress toward full compliance with NIST rules. According to the DFARS, in order to qualify for DoD contracts, businesses would not be allowed to have any security system gaps when full compliance with the NIST guidelines becomes mandatory on December 31, 2017. READ MORE….

Contact your nearest PTAC if you have any questions about implementation of this Executive Order.